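---
# Tekton Task: for every machine listed in a Rack custom resource, log in to
# the machine's BMC over Redfish and request Drive.SecureErase on each drive
# of each storage controller. The operation is destructive and is not
# filtered by node or drive: every drive the BMC lists is targeted.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  # creationTimestamp and generation are normally set by the API server;
  # their presence suggests this manifest was exported from a live cluster.
  creationTimestamp: '2024-03-07T19:56:26Z'
  generation: 15
  name: complete-dell-management-secure-erase
  namespace: baremetal-cr
spec:
  params:
    - name: bmc-user
      type: string
      description: The username for the BMC
    # NOTE(review): Tekton stores param values in plain text in the
    # TaskRun/PipelineRun object, so anyone who can read those objects in
    # this namespace can read the BMC password. Prefer sourcing it in the
    # step's env from a Secret (valueFrom.secretKeyRef) instead of a param.
    - name: bmc-pass
      type: string
      description: The password for the BMC
    # Not read by the script; kept so existing callers stay valid.
    - name: ocp-cluster-name
      type: string
      description: OpenShift cluster name for virtual media
    # Used as the name of the Rack resource passed to `oc get rack`.
    - name: infra-env
      type: string
      description: infra env
    - name: rack-ns
      type: string
      default: acm-config
      description: namespace of rackvars
  steps:
    - name: setup-bmc
      # NOTE(review): the image is referenced by tag only; pinning it by
      # digest would make the step image immutable.
      image: docker-enterprise-dev.artifactrepository.citigroup.net/cate-citisystems-openshift/openshift4:4.12.33-x86_64-cli
      script: |
        #!/usr/bin/env python3
        """Request Drive.SecureErase on every drive of every machine in a rack.

        Reads the machine list from the Rack resource named by the
        'infra-env' variable in namespace 'rack-ns', opens a Redfish
        session on each BMC, posts the erase action for each drive and
        closes the session. Exits non-zero when any step failed, so the
        TaskRun does not report success while drives were left untouched.
        """
        import json
        import os
        import re
        import subprocess
        import sys
        from urllib.parse import urljoin

        import requests

        # BMC certificates are not verified (verify=False below), so the
        # BMC credentials and session token are exposed to anyone able to
        # intercept the connection.
        # NOTE(review): pass a CA bundle path to verify= where the BMCs
        # carry certificates issued by a known CA.
        requests.packages.urllib3.disable_warnings()

        # Seconds to wait on a BMC, so one unreachable BMC cannot hang
        # the whole TaskRun.
        REQUEST_TIMEOUT = 30

        # Kubernetes object names are RFC 1123 subdomains. Checking this
        # also rejects values starting with '-', which `oc` would parse
        # as an option.
        NAME_RE = re.compile(r'[a-z0-9]([-a-z0-9.]*[a-z0-9])?')

        infra_env = os.getenv('infra-env')
        rack_ns = os.getenv('rack-ns')
        bmc_user = os.getenv('bmc-user')
        bmc_pass = os.getenv('bmc-pass')
        ok_status = [200, 201, 202, 203, 204]


        def erase_drives(base_url, headers):
            """Post Drive.SecureErase for each drive; return the failure count.

            A listing that does not return 200 counts as a failure, because
            the drives behind it were not erased.
            """
            failed = 0
            controllers_url = f'{base_url}/redfish/v1/Systems/System.Embedded.1/Storage'
            controllers_response = requests.get(
                controllers_url, headers=headers, verify=False,
                timeout=REQUEST_TIMEOUT)
            if controllers_response.status_code != 200:
                print(f'Failed to list storage controllers. Status code: {controllers_response.status_code}')
                return 1

            for controller in controllers_response.json().get('Members', []):
                controller_id = controller['@odata.id'].split('/')[-1]
                disks_url = f'{controllers_url}/{controller_id}/Drives'
                disks_response = requests.get(
                    disks_url, headers=headers, verify=False,
                    timeout=REQUEST_TIMEOUT)
                if disks_response.status_code != 200:
                    print(f'Failed to list drives on controller {controller_id}. Status code: {disks_response.status_code}')
                    failed += 1
                    continue

                for disk in disks_response.json().get('Members', []):
                    disk_id = disk['@odata.id'].split('/')[-1]
                    erase_url = f'{disks_url}/{disk_id}/Actions/Drive.SecureErase'
                    erase_response = requests.post(
                        erase_url, headers=headers, json={}, verify=False,
                        timeout=REQUEST_TIMEOUT)
                    # Same success set as the session check: a Redfish
                    # action may be answered with 202 Accepted, not 204.
                    # Success only means the request was accepted; this
                    # script does not wait for or verify completion.
                    if erase_response.status_code in ok_status:
                        print(f'Secure erase initiated for disk {disk_id} on controller {controller_id}.')
                    else:
                        print(f'Failed to initiate secure erase for disk {disk_id} on controller {controller_id}. Status code: {erase_response.status_code}')
                        failed += 1
            return failed


        for label, value in (('infra-env', infra_env), ('rack-ns', rack_ns)):
            if not value or not NAME_RE.fullmatch(value):
                print(f'Invalid value for {label}: {value!r}')
                sys.exit(1)

        # Argument list, no shell: parameter values cannot inject commands.
        machines = json.loads(subprocess.run(
            ['oc', 'get', 'rack', infra_env, '-n', rack_ns,
             '-o', 'jsonpath={.spec.machines}'],
            check=True, stdout=subprocess.PIPE,
            universal_newlines=True).stdout)

        failures = 0

        for machine in machines:
            name = machine['name']
            bmc_ip = machine['bmc_ip']
            base_url = f'https://{bmc_ip}'

            # Create a session to get the X-Auth-Token
            try:
                session_response = requests.post(
                    f'{base_url}/redfish/v1/SessionService/Sessions/',
                    verify=False, timeout=REQUEST_TIMEOUT,
                    headers={"Content-Type": "application/json"},
                    json={"UserName": bmc_user, "Password": bmc_pass})
            except requests.RequestException as exc:
                print(f'Failed to reach the BMC of {name}: {exc}')
                failures += 1
                continue

            if session_response.status_code not in ok_status:
                print(f'Failed to create a session to get X-Auth-Token for {name}. Status code: {session_response.status_code}')
                failures += 1
                continue

            token = session_response.headers.get("X-Auth-Token")
            auth_header = {"X-Auth-Token": token}
            headers = {
                "Content-Type": "application/json",
                "X-Auth-Token": token
            }

            try:
                failures += erase_drives(base_url, headers)
            except requests.RequestException as exc:
                print(f'Request to the BMC of {name} failed: {exc}')
                failures += 1
            finally:
                # Close the session even when erasing failed, so sessions
                # do not pile up on the BMC.
                location = session_response.headers.get("Location")
                # Location may be relative or absolute; only send the
                # token back to the BMC that issued it.
                session_id_url = urljoin(base_url + '/', location) if location else ''
                if session_id_url.startswith(base_url + '/'):
                    try:
                        requests.delete(
                            session_id_url, headers=auth_header,
                            verify=False, timeout=REQUEST_TIMEOUT)
                        print(f"Session closed for {name}.")
                    except requests.RequestException as exc:
                        print(f'Failed to close the session for {name}: {exc}')
                else:
                    print(f'No usable session Location for {name}; session left to expire.')

        if failures:
            print(f'{failures} operation(s) failed; not every drive was erased.')
            sys.exit(1)

      env:
        - name: infra-env
          value: $(params.infra-env)
        - name: rack-ns
          value: $(params.rack-ns)
        - name: bmc-user
          value: $(params.bmc-user)
        # NOTE(review): see the bmc-pass param; a secretKeyRef here would
        # keep the password out of the TaskRun spec.
        - name: bmc-pass
          value: $(params.bmc-pass)
        - name: ocp-cluster-name
          value: $(params.ocp-cluster-name)
  workspaces:
    # NOTE(review): the step never reads or writes this workspace, and the
    # description looks copied from a git-clone task; confirm it is needed.
    - name: output
      description: The git repo will be cloned onto the volume backing this Workspace.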
